MozDef: The Mozilla Defense Platform
Branch: master
Clone or download
mpurzynski Merge pull request #1107 from mpurzynski/duosecurity_eis536
Promote the access_device's IP address to the sourceipaddress
Latest commit 2c05bd2 Feb 20, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
bot Create .ini file for both slack and irc Feb 8, 2019
cloudy_mozdef fix SQS policy to only accept intra-account sendMessage Jan 31, 2019
config Merge remote-tracking branch 'origin/infosec_workweek' into virtualen… Oct 24, 2018
docker Change replicas to 0 for docker environment Feb 19, 2019
meteor Reenable node tls reject check in meteor Feb 14, 2019
mozdef_util Add improved error handling to initial parsing of plugin Feb 13, 2019
mq Exclude auth_success field if not present on message bro ssh logs Feb 13, 2019
rest removing unused route from Jan 8, 2019
static Remove heatmap html page Jun 15, 2017
systemdfiles Update python virtualenv path for service files Apr 20, 2018
tests Merge pull request #1107 from mpurzynski/duosecurity_eis536 Feb 20, 2019
.flake8 Fixup unused variables check Dec 14, 2018
.gitignore add feature removal docs, update gitignore Nov 6, 2018
.travis.yml upgrade travis docker-compose as per… Oct 30, 2018 Modifying urls to point to mozilla from jeffbryner, slight readabilit… Jun 15, 2017
LICENSE Updated license file to conform with MPL Feb 25, 2014
Makefile Actually working with ENV file existence check and env variable setti… Feb 1, 2019 Setup default hosted CloudFormation templates Jan 10, 2019

Build Status Documentation Status

MozDef: The Mozilla Defense Platform


The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.


  • Provide a platform for use by defenders to rapidly discover and respond to security incidents.
  • Automate interfaces to other systems like bunker, cymon, mig
  • Provide metrics for security events and incidents
  • Facilitate real-time collaboration amongst incident handlers
  • Facilitate repeatable, predictable processes for incident handling
  • Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation


MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

Give MozDef a Try in AWS:

Launch MozDef